
Security Intermediate

What is RBAC (Role-Based Access Control)?

An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.

RBAC simplifies permission management. Instead of assigning 50 permissions to each of 100 users, you create roles (Admin, Editor, Viewer) with appropriate permissions and assign users to roles. Changing a role updates all users with that role.

RBAC also supports role hierarchies (Admin inherits Editor's permissions), separation of duties (no single role holds all the power, and conflicting roles cannot be combined), and auditing for compliance, since "who can do what" is answered by listing role memberships. RBAC is widely implemented: database systems, cloud platforms (AWS IAM roles), and web frameworks all provide it.
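The mechanics described above (roles with a hierarchy, a deny-by-default permission check, and a separation-of-duties constraint on role assignment) as an added example; this is illustrative code written for this page, not from any library, and the role names, permission strings and the PaymentSubmitter/PaymentApprover conflict are constructed sample policy.

```python
from typing import Dict, Optional, Set

# Constructed sample policy. Admin inherits everything Editor grants,
# Editor inherits everything Viewer grants, as the text describes.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "Viewer": {"article:read"},
    "Editor": {"article:create", "article:update"},
    "Admin": {"article:delete", "user:manage"},
    "PaymentSubmitter": {"payment:submit"},
    "PaymentApprover": {"payment:approve"},
}
ROLE_PARENTS: Dict[str, Set[str]] = {"Admin": {"Editor"}, "Editor": {"Viewer"}}

# Separation of duties (hypothetical policy): a user may not hold both
# roles of any listed pair, so nobody can both submit and approve a payment.
SOD_CONFLICTS = [{"PaymentSubmitter", "PaymentApprover"}]


def effective_permissions(role: str, seen: Optional[Set[str]] = None) -> Set[str]:
    """Permissions granted directly to a role plus those inherited via parents."""
    seen = seen if seen is not None else set()
    if role in seen:  # guard against a cycle in a misconfigured hierarchy
        return set()
    seen.add(role)
    perms = set(ROLE_PERMISSIONS.get(role, set()))
    for parent in ROLE_PARENTS.get(role, set()):
        perms |= effective_permissions(parent, seen)
    return perms


class RBAC:
    def __init__(self) -> None:
        self.user_roles: Dict[str, Set[str]] = {}

    def assign(self, user: str, role: str) -> None:
        """Grant a role, rejecting the grant if it violates separation of duties."""
        held = self.user_roles.get(user, set()) | {role}
        for pair in SOD_CONFLICTS:
            if pair <= held:
                other = held & (pair - {role})
                raise ValueError(f"{user}: {role} conflicts with {other}")
        self.user_roles[user] = held

    def is_allowed(self, user: str, permission: str) -> bool:
        """Deny by default: allow only if some held role grants the permission."""
        return any(permission in effective_permissions(r)
                   for r in self.user_roles.get(user, set()))
```

Changing a role's entry in ROLE_PERMISSIONS changes the outcome for every user holding that role, which is the management benefit the text describes.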

Related Terms

OAuth 2.0
An authorization framework that allows third-party applications to access user resources without sharing passwords.
CSRF (Cross-Site Request Forgery)
An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.
Security Hardening
The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
Cryptographic Key Management
The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.
Brute Force Attack
An attack method that systematically tries all possible combinations of passwords or keys until the correct one is found.